GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,991
Erlang: 29
GitHub Actions: 16
Go: 1,779
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 793
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
19,568 advisories
Cross-site Scripting in Apache Atlas
Moderate severity. CVE-2017-3153 was published for org.apache.atlas:atlas-common (Maven) on May 17, 2022.

SimpleSAMLphp Incorrect IV generation for encryption
Moderate severity. CVE-2017-12871 was published for simplesamlphp/simplesamlphp (Composer) on May 17, 2022.

SimpleSAMLphp Unauthenticated encryption in CBC mode
Moderate severity. CVE-2017-12870 was published for simplesamlphp/simplesamlphp (Composer) on May 17, 2022.

Cross-site Scripting in Apache Atlas
Moderate severity. CVE-2017-3155 was published for org.apache.atlas:atlas-common (Maven) on May 17, 2022.

Apache Atlas produces Stack trace in error response
High severity. CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) on May 17, 2022.

Scrapy denial of service vulnerability
High severity. CVE-2017-14158 was published for scrapy (pip) on May 17, 2022.

OpenStack Swift metadata constraints are not correctly enforced
Moderate severity. CVE-2014-7960 was published for swift (pip) on May 17, 2022.

Smarty arbitrary PHP code execution
High severity. CVE-2014-8350 was published for smarty/smarty (Composer) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Critical severity. CVE-2016-3086 was published for org.apache.hadoop:hadoop-yarn-server-nodemanager (Maven) on May 17, 2022.

Dolibarr SQL injection vulnerability in admin/menus/edit.php
Critical severity. CVE-2017-14238 was published for dolibarr/dolibarr (Composer) on May 17, 2022.

Dolibarr SQL injection vulnerability in don/list.php
Critical severity. CVE-2017-14242 was published for dolibarr/dolibarr (Composer) on May 17, 2022.

Dolibarr ERP and CRM contain XSS Vulnerability
Moderate severity. CVE-2017-14241 was published for dolibarr/dolibarr (Composer) on May 17, 2022.

Dolibarr ERP and CRM Sensitive Data Disclosure
High severity. CVE-2017-14240 was published for dolibarr/dolibarr (Composer) on May 17, 2022.

Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
Moderate severity. CVE-2011-1475 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022.

Authentication Bypass in Apache Tomcat
Moderate severity. CVE-2012-3546 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022.

Cross-Site Request Forgery in Apache Tomcat
Moderate severity. CVE-2012-4431 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022.

Improper Access Control in Apache Tomcat
Moderate severity. CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022.

python-keystoneclient unsecure user password update
Low severity. CVE-2013-2013 was published for python-keystoneclient (pip) on May 17, 2022.

GeniXCMS denial of service (account blockage)
Moderate severity. CVE-2017-14231 was published for genix/cms (Composer) on May 17, 2022.

Dolibarr cross-site scripting (XSS) vulnerability
Moderate severity. CVE-2017-14239 was published for dolibarr/dolibarr (Composer) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
High severity. CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) on May 17, 2022.

Moodle XSS Vulnerability
Moderate severity. CVE-2017-12156 was published for moodle/moodle (Composer) on May 17, 2022.

Jenkins HttpOnly flag not Set for session cookies
Moderate severity. CVE-2014-9635 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 17, 2022.

ProTip! Advisories are also available from the GraphQL API.